On Thu, Oct 10, 2019 at 10:40:37AM -0400, Stephen Frost wrote:
> > Some people ask for indexable encrypted columns, but I tend to explain to
> > them how impractical and inefficient that is. You can support hash indexes
> > if you don't salt the encrypted data, but that greatly weakens the
> > encryption by allowing attackers to use dictionary attacks and other brute
> > force techniques efficiently. And you can't support b-tree > and < without
> > very complex encryption schemes (
> > https://en.wikipedia.org/wiki/Homomorphic_encryption).
>
> I'm not sure why you wouldn't salt the hash..? That's pretty important,
> imv, and, of course, you have to store the salt but that shouldn't be
> that big of a deal, I wouldn't think. Agreed that you can't support
> b-tree (even with complex encryption schemes..., I've read some papers
> about how just </> is enough to be able to glean a good bit of info
> from, not super relevant to the overall discussion here so I won't go
> hunt them down right now, but if there's interest, I can try to do so).

Yes, you can add salt to the value you store in the hash index, but when
you are looking for a matching value, how do you know what salt to use
to find it in the index?

--
  Bruce Momjian <br...@momjian.us> http://momjian.us
  EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +
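
The trade-off discussed in this exchange, as an added example that is not part of the original message or of PostgreSQL: an unsalted digest can be probed in a hash index but lets guesses be matched against every entry, while a per-row random salt removes both properties. A Python dict stands in for the hash index; the column values, SHA-256 and the function names are assumptions made for illustration.

```python
import hashlib
import os

# Constructed sample column values (not from the thread).
ROWS = ["alice@example.com", "bob@example.com", "carol@example.com"]


def digest(value: str, salt: bytes = b"") -> bytes:
    """SHA-256 over salt || value; an empty salt models the unsalted case."""
    return hashlib.sha256(salt + value.encode()).digest()


def build_unsalted_index(rows):
    """Hash index over unsalted digests: digest -> row id."""
    return {digest(v): i for i, v in enumerate(rows)}


def build_salted_table(rows):
    """Per-row random salt stored beside the digest."""
    table = []
    for v in rows:
        salt = os.urandom(16)
        table.append((salt, digest(v, salt)))
    return table


def lookup_unsalted(index, value):
    """One index probe: the searcher can recompute the stored digest."""
    return index.get(digest(value))


def lookup_salted(table, value):
    """No probe key can be computed up front, so every row's salt is tried."""
    rows_examined = 0
    for row_id, (salt, stored) in enumerate(table):
        rows_examined += 1
        if digest(value, salt) == stored:
            return row_id, rows_examined
    return None, rows_examined


def guessable_values(index, candidates):
    """What the unsalted index leaks: each guess is hashed once and
    compared against all entries at the cost of one probe."""
    return sorted(c for c in candidates if digest(c) in index)
```
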